According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacksaround the middle of 2010.

Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)

However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.

Representative Jody Hice (Credit: Twitter)

Additionally, when Representative Jody Hice (R) will ask if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)

It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.

Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”

The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)

Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”

Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”

After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)

After Bryan Pagliano sets up Clinton’s new private server in January 2009, he sets up Internet Protocol (IP) filtering on the firewall, once a firewall is established in late March 2009. Pagliano will later tell the FBI that he tried to review the firewall log files once a month.

The US Secret Service Badge (Credit: public domain)

At some point, Justin Cooper, a Bill Clinton aide who is helping Pagliano manage the server, puts Pagliano in contact with a US Secret Service agent. The timing of this is not clear. However, in a September 2016 Congresssional hearing, Cooper will say it happened after Clinton’s server started to get frequent “brute force” hacking attacks, and that begins around the middle of 2010.

This agent recommends that Pagliano should also perform outbound filtering of email traffic. According to a September 2016 FBI report, “Pagliano further considered, but ultimately did not implement, a Virtual Private Network (VPN) or two-factor authentication to better secure administrative access to the server system by him and Cooper.”

The FBI report will explain: “‘VPN’ is a private network that runs on top of a larger network to provide access to shared network resources, which may or may not include the physical hard drives of individual computers… VPN offers an additional layer of security by encrypting the data traveling to the private network before sending it over the Internet. Data is then decrypted when it reaches the private network. … ‘Two-factor authentication’ is a method of confirming a user’s claimed identity by utilizing a combination of two different components…” (Federal Bureau of Investigation, 9/2/2016) (US Congress, 9/13/2016)

Carlos Pascual, a State Department official based in Mexico City, writes an email meant to be passed to Clinton discussing US government assistance to Mexico after Hurricane Alex. The subject heading and more text in the email will later be redacted with a code indicating the mention of a name of a secret Defense Department official. The message is forwarded to email, but there’s no apparent reply from her. (US Department of State, 2/29/2016)

Deputy National Security Advisor Ben Rhodes sends an email to over a dozen US officials. One name and email address will later be redacted because they are of a secret CIA official. The content and even the subject heading of the email are later completely redacted. Clinton aide Jake Sullivan receives the email and forwards it to Clinton. (US Department of State, 2/13/2016)

A US official whose name is later classified sends an email to at least two dozen other US officials. Most of their names will later be classified as well. At least one redacted recipient’s name is that of a secret CIA official. The email concerns a recent WikiLeaks release of classified documents and includes an attachment that has a statement by senior Defense Department officials and relevant talking points. Clinton aide Jake Sullivan forwards the email to Clinton. (US Department of State, 2/26/2016)

Clinton and Philippe Reines have an email chain about Clinton’s new iPad. Reines is Clinton’s press secretary and a senior advisor. It is a Saturday and apparently Clinton is at her home in Washington, DC, and trying to get her new iPad to work. She cannot connect to the Internet with it, so she asks Reines, “I don’t know if I have wi-fi. How do I find out?” (Wi-Fi technology allows one to connect to the Internet using a wireless local area network.)

Reines responds, “Let me talk to Justin & Huma to check out the situation, and if there is wi-fi I’m happy to swing by and set it up.” “Justin” is a likely reference to Clinton aide Justin Cooper, who registered Clinton’s private server in her Chappaqua, New York, house, and “Huma” is a likely reference to Clinton’s deputy chief of staff Huma Abedin. (US Department of State, 11/30/2015)

It is not known what happens, but it appears Reines is prepared to enable Clinton to regularly use her iPad at her home using a typical Wi-Fi network, without any extra security measures. Clinton begins using her iPad for her emails the next day, while continuing to use her BlackBerry. (US Department of State, 8/31/2015)

Clinton poses with an iPad during a book signing event on June 17, 2014. (Credit: The Associated Press)

An email exchange shows her iPad has recently arrived, and she is excited to learn how to use it. An account on her official website in 2015 will say, “When the iPad came out in 2010, she was as curious as others and found it great for shopping, browsing, and reading articles when she traveled. She also had access to her email account on her iPad and sometimes used it for that too.” (Hillaryclinton.com, 7/13/2015) (US Department of State, 8/31/2015)

Clinton aide Jake Sullivan forwards Clinton an email chain that has been discussing the recent releases of classified US government information by WikiLeaks and Julian Assange. Over 30 US officials are included in the email chain; the name and email address of one of them will later be redacted because that person is a secret CIA official. (US Department of State, 2/13/2016)

Clinton writes an email to former senator George J. Mitchell (D), who is the US Special Envoy for Middle East Peace at the time. The subject heading is “Here’s my personal email,” and the entire message is “Pls [Please] use this for reply–HRC [Hillary Rodham Clinton].” (US Department of State, 9/30/2015)

Mitchell replies, “I talked with Frattini again and went over the point again. He said he understands and agrees.” The rest of his email is later redacted because it contains “foreign government information.” “Frattini” is a likely reference to Italian Foreign Minister Franco Frattini.

Clinton replies by mentioning a plan to call “Ashton,” a likely reference to the European Union foreign policy chief Catherine Ashton, and “Bibi,” the nickname of Israeli Prime Minister Benjamin Netanyahu. (US Department of State, 9/30/2015)

It is not clear why Clinton invites Mitchell to discuss such high-level diplomatic communications via her unsecure personal email address. In 2015, J. William Leonard, former director of the US Information Security Oversight Office, will make the general comment, “If a foreign minister just told the secretary of state something in confidence, by US rules that is classified at the moment it’s in US channels and US possession. […] It’s born classified.” (Reuters, 8/21/2015)